Access Analyzer: The who, what, and why of access path analysis
Skybox Blog Team Jul 13, 2015
Network security engineers have to understand who has access to what on their network, and why. In enterprise-scale networks, such path analysis can be a huge challenge.
Simple tools like Traceroute are often used, but they have their own operational issues, namely that you have to be on the same machine you’re analyzing. This asset-centric method of path analysis can create network blind spots and make it difficult to bring your whole network and its security controls into view.
Using sophisticated network modeling, you can bypass the need to be on the machine you’re analyzing. The model provides an accurate, up-to-date, and interactive space to learn how your network functions as one body, rather than as separately functioning parts. Taking into account your network’s unique topology, the model enables quick, detailed path analysis and delivers actionable data for fast and optimized security.
Building on the routing information and access rules in the network model, Skybox Access Analyzer ensures continuous network zone and firewall compliance. By understanding your security policies, Access Analyzer can easily determine if the right users have the right access.
How it works
Access Analyzer takes routing information from all your different network devices and calculates all potential paths from any source to any destination. It then analyzes all the applicable firewall rule sets to map out the accessibility. Combining the routing information and firewall rule analysis, Access Analyzer determines what paths can be accessed or blocked and why.
This solution lets you visualize which paths can be used, see the firewalls along a path so you can create reports or make the necessary changes, and get a detailed view of each step in the route and of the security controls that block it, all in minutes.
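The hop-by-hop analysis described above, as an added illustration that is not Skybox code: a small constructed network model (routing tables plus ordered firewall rule sets, with a default deny on each firewall) and a function that walks from an entry device toward a destination, reporting the path and the specific rule or routing gap that allows or blocks the flow. Device names, prefixes and rules are invented for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed sample model (not Skybox data): per-device routing tables
# (prefix -> next hop, "deliver" = directly attached subnet) and ordered
# firewall rule sets (action, src prefix, dst prefix, port set or None=any).
ROUTES = {
    "core-rtr": {"10.1.0.0/16": "dmz-fw", "10.2.0.0/16": "data-fw"},
    "dmz-fw": {"10.1.0.0/16": "deliver"},
    "data-fw": {"10.2.0.0/16": "deliver"},
}
RULES = {
    "dmz-fw": [("allow", "0.0.0.0/0", "10.1.0.0/16", {80, 443}),
               ("deny", "0.0.0.0/0", "0.0.0.0/0", None)],
    "data-fw": [("allow", "10.1.0.0/16", "10.2.0.0/16", {5432}),
                ("deny", "0.0.0.0/0", "0.0.0.0/0", None)],
}

def next_hop(device, dst):
    """Longest-prefix match on the device's routing table; None if no route."""
    best = None
    for prefix, hop in ROUTES.get(device, {}).items():
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def first_match(device, src, dst, port):
    """Index and rule of the first firewall rule matching the flow, else None."""
    for i, (action, s, d, ports) in enumerate(RULES.get(device, [])):
        if src in ip_network(s) and dst in ip_network(d) \
                and (ports is None or port in ports):
            return i, (action, s, d, ports)
    return None

def analyze(entry, src, dst, port, max_hops=16):
    """Walk the path hop by hop and report where and why the flow is allowed or blocked."""
    src, dst, path, device = ip_address(src), ip_address(dst), [], entry
    for _ in range(max_hops):
        path.append(device)
        hit = first_match(device, src, dst, port)
        if device in RULES and (hit is None or hit[1][0] == "deny"):
            why = f"{device}: implicit deny" if hit is None else f"{device}: rule #{hit[0]} {hit[1]}"
            return {"status": "blocked", "path": path, "why": why}
        hop = next_hop(device, dst)
        if hop is None:
            return {"status": "no-route", "path": path, "why": f"{device}: no route to {dst}"}
        if hop == "deliver":
            return {"status": "allowed", "path": path, "why": "destination reached; every firewall allowed it"}
        device = hop
    return {"status": "loop", "path": path, "why": "hop limit exceeded (routing loop?)"}
```

Calling `analyze("core-rtr", "192.0.2.10", "10.2.7.7", 5432)` reports the flow blocked at `data-fw` by its rule #1, which is the "why" a change planner needs before touching any rule.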
How you can harness it
Access Analyzer can also help simulate attacks on your network to better understand network weaknesses that could be exploited in a real attack. By integrating vulnerability data, you can use attack simulation as a virtual pen test, identifying vulnerabilities in your network that can be reached by different threat vectors.
You can also improve firewall change planning with Access Analyzer. When a change request comes through, automatically analyze the path, the firewalls along it, and which rules need to be changed, or whether existing rules already allow the path.